#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

NFT | Breaking Cybersecurity News | The Hacker News

FBI Alert: Crypto Scammers are Masquerading as NFT Developers

FBI Alert: Crypto Scammers are Masquerading as NFT Developers
Aug 07, 2023 Cyber Crime / Cryptocurrency
The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI  said  in an advisory last week. The replica websites urge potential targets to connect their cryptocurrency wallets and purchase the NFT, only for the threat actors to siphon the funds and NFTs to wallets under their control. "Contents stolen from victims' wallets are often processed through a ser

Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies
Apr 25, 2022
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared with The Hacker News. "In other words, attackers could gain full control over the victim's wallets." Ever Surf  is a cryptocurrency wallet for the Everscale (formerly FreeTON) blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens (NFTs). It's said to have an  estimated  669,700 accounts across the world. By means of different attack vectors like malicious browser extensions or phishing links, the flaw makes it possible to obtain a wallet's encr

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto
Apr 01, 2022
The North Korean state-backed hacking crew, otherwise known as the  Lazarus Group , has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host. Russian cybersecurity firm Kaspersky  said  it first encountered the rogue application in mid-December 2021. The infection scheme initiated by the app also results in the deployment of the installer for a legitimate application, which gets overwritten with a trojanized version in an effort to cover its tracks. That said, the initial access avenue is unclear, although it's suspected to be a case of social engineering. The spawned malware, which masquerades as Google's Chrome web browser, subsequently

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace
Feb 22, 2022
Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a  phishing attack  against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs , short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from expensive illustrations to collectibles and physical goods. The opportunistic social engineering scam  swindled the users  by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go. "By signing the transaction, an atomicMatch_ request would be sent to the attacker contract," Check Point researchers  explained . "From there, the atomicMatch_ would be forwarded to the OpenSea contract," leading t
Cybersecurity Resources